Protecting the Enterprise Against Unknown Malware

Last year stands out for the astronomical growth of malware, resulting in a significant increase in the sheer volume of cyber attacks on enterprises, organizations, nations and infrastructure. Some estimate that in 2016 malware attacks quadrupled from previous numbers.

It was a year marked by extraordinary attacks, including multi-million dollar virtual bank heists and overt attempts by state-sponsored groups to disrupt the democratic electoral process in many Western countries.

Cyber criminals caused unprecedented levels of disruption with relatively simple IT tools and cloud services.

In 2016, researchers at Check Point painted a dire picture of an average day in the life of a typical enterprise:

  • Every 81 seconds a known malware sample is downloaded
  • Every 4 minutes a high-risk application is used
  • Every 4 seconds an unknown malware sample is downloaded
  • Every 5 seconds a host accesses a malicious website
  • Every 53 seconds a bot communicates with its command and control server
  • Every 30 seconds a threat emulation event occurs

The research also indicated a massive jump in the volume of unknown malware being created and downloaded: a 900% increase, with more than 970 downloads per hour compared with 106 previously. More than 12 million new malware variants were released each month.

The rate at which new malware is being developed has soared: data shows that more new malware has been developed in the past few years than in the previous 10 years combined. Malware is being produced so quickly that traditional anti-virus and anti-malware solutions, which depend on recognizing samples they have already seen, are struggling to keep up.

Impact of Cyberattacks

There is no dispute: the proliferation of malware and cyberattacks is at an all-time high, and is forecast to continue to increase. There are many ways in which malware is used to attack enterprises and organizations; however, fileless malware and other advanced persistent threats such as botnets, rootkits, RATs, macro-enabled documents and scripts are arguably the most dangerous. These threats bypass security defenses, usually remain undetected for long periods of time, and are difficult to track even once the problem has surfaced.

Overall, economic cybercrime has evolved to a point where one can segment it into two distinct categories: attacks that steal money or monetizable data and bruise reputations, and attacks that steal intellectual property and lay waste to an entire business. The latter are often classified as 'transfer of wealth' attacks.

While the long-term damage, both to organizations and to the economy, is potentially far higher for transfer of wealth attacks, the regulatory pain, loss of investor confidence and media scrutiny arising from the theft of funds, medical data, financial details or personally identifiable information can be damaging too. As regulation and oversight catch up, organizations will increasingly find themselves having to deal with legal implications in the event of an incident.

Threat Outlook in 2017

To learn more about the increased threats in 2017, and to get guidance on how to respond and react to malware using threat hunting, download the white paper on Protecting the Enterprise Against Unknown Malware.